Essential PHP Security
My critically-acclaimed guide to secure PHP programming.
This is nothing short of a seminal work on web application security as it applies specifically to PHP.
Read many more reviews, download sample chapters, and browse the code repository on the companion web site.
HTTP Developer’s Handbook
The definitive guide to the HTTP protocol for web developers.
Where the book really sparkles is in the section on improving performance. Few books have looked at the HTTP protocol's underlying mechanisms for controlling caching as this one. In lucid prose, Shiflett presents the various caching directives and their exact meaning.
Book Contributions
- Programming PHP
  - I wrote the chapter on security for this book, published by O’Reilly in 2006.
- PHP Cookbook
  - I wrote about a dozen recipes for this book, published by O’Reilly in 2006.
- PHP in Action
  - I am listed as a co-author, but I only wrote the chapter on security for this book, published by Manning in 2007. It's my most recent attempt to summarize what a PHP developer should know about security.
Publications
- Smashing Magazine
  - I have only written once for Smashing Magazine, but I hope to change that soon. I serve on the editorial panel, so I frequently offer feedback for aspiring authors.
- PHP Architect
  - I used to write a regular column for PHP Architect called Security Corner. They were nice enough to let me retain all the rights, so I can make them available here.
- PHP Magazine
  - I used to write a regular column called Guru Speak for the now-defunct PHP Magazine.
- 2600: The Hacker Quarterly
  - I wrote my first two articles for 2600, a quarterly magazine I used to read regularly.
The full list of published articles is also available with some useful and current discussion in the comments.






